Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZA0u1W1C7OycvBCxEd6TciAsgTc.roa
File:                     ZA0u1W1C7OycvBCxEd6TciAsgTc.roa (raw, json)
Hash identifier:          phqArVRr0+HWvTj+qVQFViMMA8fZMYeOFSIUsrJW4zQ=
Subject key identifier:   64:0D:2E:D5:6D:42:EC:EC:9C:BC:10:B1:11:DE:93:72:20:2C:81:37
Certificate issuer:       /CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
Certificate serial:       018FB5C03157CF17F2BBE0E1A38FD29B2B36
Authority key identifier: F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZA0u1W1C7OycvBCxEd6TciAsgTc.roa
Signing time:             Sun 26 May 2024 16:33:42 +0000
ROA not before:           Sun 26 May 2024 16:33:42 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     834
IP address blocks:        89.42.81.0/24 maxlen: 24
                          89.42.82.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 13 Jun 2024 23:00:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:b5:c0:31:57:cf:17:f2:bb:e0:e1:a3:8f:d2:9b:2b:36
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1d46e0e3e8caaaed4a529bd7d7308bd1ef01c1d
        Validity
            Not Before: May 26 16:33:42 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=640d2ed56d42ecec9cbc10b111de9372202c8137
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:7c:38:5c:26:0e:4d:c3:13:0c:c9:23:56:3f:
                    f7:12:d1:4d:7a:3e:50:54:95:e9:62:e9:91:1a:bc:
                    c2:a5:15:de:c0:1b:b6:46:27:fc:c5:92:35:b2:7c:
                    5c:98:a1:96:de:0c:84:bd:79:2c:1e:d1:61:ed:60:
                    86:d9:5a:6d:f2:d3:68:e1:6c:f1:db:fe:9a:a2:e6:
                    88:9f:81:75:a5:be:d8:21:73:cd:54:06:71:85:30:
                    84:80:6e:89:40:36:61:8f:72:8c:99:60:b0:2c:62:
                    e6:30:63:a4:71:09:89:02:fe:bf:7b:db:77:48:16:
                    fb:9a:ab:84:e7:36:cd:55:d6:48:43:34:d6:3f:e8:
                    e2:b1:7c:d3:1f:4f:6c:b6:bd:fc:c6:94:61:08:48:
                    f6:eb:85:b5:3a:2e:42:0f:eb:64:f3:d5:fc:60:5a:
                    bb:75:21:ad:1e:a9:49:d4:b5:30:d7:50:77:48:f5:
                    e2:89:f5:8d:bb:5a:12:ce:ea:a8:7f:ac:c2:06:38:
                    9b:b6:a3:d4:2e:67:28:33:1c:84:ae:a8:52:7b:6e:
                    03:ef:cb:60:e0:30:bb:31:81:b6:71:0b:24:e1:33:
                    b8:1e:da:e2:89:51:ef:be:e7:9c:df:79:13:24:f4:
                    67:b5:6c:7b:c0:6e:da:1b:1c:48:b5:e7:54:7c:2a:
                    0a:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:0D:2E:D5:6D:42:EC:EC:9C:BC:10:B1:11:DE:93:72:20:2C:81:37
            X509v3 Authority Key Identifier:
                keyid:F1:D4:6E:0E:3E:8C:AA:AE:D4:A5:29:BD:7D:73:08:BD:1E:F0:1C:1D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/ZA0u1W1C7OycvBCxEd6TciAsgTc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ab/84eb44-bbdf-46c1-b043-b42f23d828c3/1/8dRuDj6Mqq7UpSm9fXMIvR7wHB0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.42.81.0-89.42.83.255

    Signature Algorithm: sha256WithRSAEncryption
         7e:72:10:4c:d5:2a:5b:ff:99:7b:fe:69:95:02:bb:2b:67:82:
         21:e4:7b:35:22:a8:a6:3e:dd:2c:d7:c4:d5:96:62:8c:6f:db:
         5d:fb:3d:bb:af:86:d2:54:b9:3a:1c:fb:09:3a:bd:cd:36:c1:
         ff:9a:25:e0:33:d2:fe:7f:fe:68:ab:40:f8:d1:1f:d4:7b:44:
         01:4b:0e:e9:7d:fc:b0:ac:99:ca:18:68:f1:30:94:10:c0:74:
         c0:5a:ba:bc:70:47:24:2f:99:c7:45:4c:0a:f7:47:5f:a3:21:
         b9:d9:86:31:10:66:e8:c9:3a:71:2d:5d:1f:28:f5:00:4d:a7:
         c0:6f:8e:1f:80:df:67:5b:13:b9:3f:29:c3:f6:ab:58:12:ca:
         58:d5:44:5d:73:33:c9:17:85:45:d3:ba:4f:7c:dc:ec:b6:c4:
         9b:c1:47:a1:31:72:0e:9d:6d:d1:4c:bc:f4:c5:c3:6e:9b:dc:
         cd:b0:06:bb:51:12:3c:ab:1b:8f:54:a7:8b:8b:43:f5:4d:c4:
         b6:e3:ae:56:e6:41:58:f2:c7:07:6c:09:50:7e:01:86:ed:9f:
         e5:fa:92:50:4e:5e:01:2d:1e:bf:bc:f9:e9:71:a0:2c:f9:b8:
         92:b1:ef:0f:c3:7a:c2:27:db:9d:4c:33:52:41:f8:23:9f:dd:
         07:0a:05:9e
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAY+1wDFXzxfyu+Dho4/Smys2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxZDQ2ZTBlM2U4Y2FhYWVkNGE1MjliZDdkNzMwOGJkMWVm
MDFjMWQwHhcNMjQwNTI2MTYzMzQyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDBkMmVkNTZkNDJlY2VjOWNiYzEwYjExMWRlOTM3MjIwMmM4MTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu3w4XCYOTcMTDMkjVj/3EtFNej5Q
VJXpYumRGrzCpRXewBu2Rif8xZI1snxcmKGW3gyEvXksHtFh7WCG2Vpt8tNo4Wzx
2/6aouaIn4F1pb7YIXPNVAZxhTCEgG6JQDZhj3KMmWCwLGLmMGOkcQmJAv6/e9t3
SBb7mquE5zbNVdZIQzTWP+jisXzTH09str38xpRhCEj264W1Oi5CD+tk89X8YFq7
dSGtHqlJ1LUw11B3SPXiifWNu1oSzuqof6zCBjibtqPULmcoMxyErqhSe24D78tg
4DC7MYG2cQsk4TO4HtriiVHvvuec33kTJPRntWx7wG7aGxxItedUfCoKhQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFGQNLtVtQuzsnLwQsRHek3IgLIE3MB8GA1UdIwQY
MBaAFPHUbg4+jKqu1KUpvX1zCL0e8BwdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMt
YjQyZjIzZDgyOGMzLzEvWkEwdTFXMUM3T3ljdkJDeEVkNlRjaUFzZ1RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYi84NGViNDQtYmJkZi00NmMxLWIwNDMtYjQyZjIzZDgyOGMz
LzEvOGRSdURqNk1xcTdVcFNtOWZYTUl2Ujd3SEIwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBABZKlED
BAJZKlAwDQYJKoZIhvcNAQELBQADggEBAH5yEEzVKlv/mXv+aZUCuytngiHkezUi
qKY+3SzXxNWWYoxv2137PbuvhtJUuToc+wk6vc02wf+aJeAz0v5//mirQPjRH9R7
RAFLDul9/LCsmcoYaPEwlBDAdMBaurxwRyQvmcdFTAr3R1+jIbnZhjEQZujJOnEt
XR8o9QBNp8Bvjh+A32dbE7k/KcP2q1gSyljVRF1zM8kXhUXTuk983Oy2xJvBR6Ex
cg6dbdFMvPTFw26b3M2wBrtREjyrG49Up4uLQ/VNxLbjrlbmQVjyxwdsCVB+AYbt
n+X6klBOXgEtHr+8+elxoCz5uJKx7w/DesIn251MM1JB+COf3QcKBZ4=
-----END CERTIFICATE-----